-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Specify a maximal depth of backtracking for the pattern attribute on input elements #9469
Comments
This is a limit that appears to be implemented in the regular expression engine. It doesn't seem specific to |
For Blink, the limit does not apply to JavaScript code, i.e. Only Blinks |
@schuay @pthier, given that, do we really need to apply |
Yes IMO this still makes sense - for Blink's ScriptRegexp, the reasoning is described at crbug.com/966405 and https://bugs.chromium.org/p/chromium/issues/detail?id=89872#c26. |
There's no spec yet, see whatwg/html#9469
@Constellation do you think it would make sense to have the limit on regular expressions only for |
I think it makes sense for RegExp engines to put a cap on recursion for both Scripts and HTML. Otherwise, as we can see, it is easy to create a webpage that hangs. |
Thanks! I filed tc39/ecma262#3166 so TC39 can figure out how they want to approach this. Unless they define a limit inline, we'll need some kind of host hook if we are to enforce a limit. |
There's no spec yet, see whatwg/html#9469
There's no spec yet, see whatwg/html#9469
…be tentative, a=testonly Automatic update from web-platform-tests HTML: infinite_backtracking.html should be tentative There's no spec yet, see whatwg/html#9469 -- wpt-commits: 2f2a72d30ef5153c1bc6cbfe22449c2b3e8a4090 wpt-pr: 40898
…be tentative, a=testonly Automatic update from web-platform-tests HTML: infinite_backtracking.html should be tentative There's no spec yet, see whatwg/html#9469 -- wpt-commits: 2f2a72d30ef5153c1bc6cbfe22449c2b3e8a4090 wpt-pr: 40898 UltraBlame original commit: 871a2a733ec4d9e7705838554b960dfa4c86ad62
…be tentative, a=testonly Automatic update from web-platform-tests HTML: infinite_backtracking.html should be tentative There's no spec yet, see whatwg/html#9469 -- wpt-commits: 2f2a72d30ef5153c1bc6cbfe22449c2b3e8a4090 wpt-pr: 40898 UltraBlame original commit: 871a2a733ec4d9e7705838554b960dfa4c86ad62
…be tentative, a=testonly Automatic update from web-platform-tests HTML: infinite_backtracking.html should be tentative There's no spec yet, see whatwg/html#9469 -- wpt-commits: 2f2a72d30ef5153c1bc6cbfe22449c2b3e8a4090 wpt-pr: 40898
…be tentative, a=testonly Automatic update from web-platform-tests HTML: infinite_backtracking.html should be tentative There's no spec yet, see whatwg/html#9469 -- wpt-commits: 2f2a72d30ef5153c1bc6cbfe22449c2b3e8a4090 wpt-pr: 40898 UltraBlame original commit: 871a2a733ec4d9e7705838554b960dfa4c86ad62
There's no spec yet, see whatwg/html#9469
WebKit and Blink enforce a maximal depth of backtracking of 1,000,000 (see here for WebKit, here for Blink) when checking an input's value against a regular expression specified in #the-pattern-attribute. Gecko is discussing this in Bug 1837772. Without such a limit, a pattern like
(\d+)*
can hang a tab.Such a backtracking limit could be included in the spec around the pattern attribute and it might be worth to discuss whether this limit should also be applied in other situations. There is already this wpt testing this behavior.
The text was updated successfully, but these errors were encountered: